+++ /dev/null
-From 389e2344f86319265fb72ae590b470716e038fdc Mon Sep 17 00:00:00 2001
-From: Sicelo A. Mhlongo <absicsz@gmail.com>
-Date: Tue, 17 Dec 2024 11:31:29 +0200
-Subject: [PATCH] ussd: ensure ussd content fits in buffers
-
-Fixes: CVE-2024-7539
-
-CVE: CVE-2024-7539
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- drivers/atmodem/ussd.c | 5 ++++-
- drivers/huaweimodem/ussd.c | 5 ++++-
- drivers/speedupmodem/ussd.c | 5 ++++-
- 3 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/atmodem/ussd.c b/drivers/atmodem/ussd.c
-index 32a9fe9..99da559 100644
---- a/drivers/atmodem/ussd.c
-+++ b/drivers/atmodem/ussd.c
-@@ -93,7 +93,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
- const char *content;
- int dcs;
- enum sms_charset charset;
-- unsigned char msg[160];
-+ unsigned char msg[160] = {0};
- const unsigned char *msg_ptr = NULL;
- long msg_len;
-
-@@ -113,6 +113,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
- if (!g_at_result_iter_next_number(&iter, &dcs))
- dcs = 0;
-
-+ if (strlen(content) > sizeof(msg) * 2)
-+ goto out;
-+
- if (!cbs_dcs_decode(dcs, NULL, NULL, &charset, NULL, NULL, NULL)) {
- ofono_error("Unsupported USSD data coding scheme (%02x)", dcs);
- status = 4; /* Not supported */
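Review bot: The new bound `strlen(content) > sizeof(msg) * 2` only matches a hex-encoded payload (two characters per decoded byte), yet in this driver it sits before `cbs_dcs_decode()` has determined the charset, and the decode that fills `msg` is outside the hunk. If any branch further down copies or packs `content` at a different ratio, 320 characters could still exceed the 160-byte `msg`, so each such branch should be confirmed to be bounded by `sizeof(msg)`. A comment such as `/* content is hex: two characters per byte of msg */` would state the assumption. An `ofono_error()` before `goto out`, as the unsupported-DCS path just below does, would leave a trace when an oversized USSD is dropped.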
-diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
-index 5e1c907..3d165c8 100644
---- a/drivers/huaweimodem/ussd.c
-+++ b/drivers/huaweimodem/ussd.c
-@@ -38,7 +38,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
- int status;
- int dcs = 0;
- const char *content;
-- unsigned char msg[160];
-+ unsigned char msg[160] = {0};
- const unsigned char *msg_ptr = NULL;
- long msg_len;
-
-@@ -55,6 +55,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-
- g_at_result_iter_next_number(&iter, &dcs);
-
-+ if (strlen(content) > sizeof(msg) * 2)
-+ goto out;
-+
- msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
-
- out:
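Review bot: The added `goto out` is taken before `decode_hex_own_buf()` runs, so `msg_len`, declared as `long msg_len;` with no initialiser in the first hunk of this file, is still unset on that path. The code after `out:` lies outside the hunk; if it reads `msg_len` without first checking `msg_ptr`, the declaration should become `long msg_len = 0;`. The same applies to the matching hunks in drivers/speedupmodem/ussd.c and drivers/atmodem/ussd.c.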
-diff --git a/drivers/speedupmodem/ussd.c b/drivers/speedupmodem/ussd.c
-index aafa4bc..a5efde0 100644
---- a/drivers/speedupmodem/ussd.c
-+++ b/drivers/speedupmodem/ussd.c
-@@ -37,7 +37,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
- int status;
- int dcs = 0;
- const char *content;
-- unsigned char msg[160];
-+ unsigned char msg[160] = {0};
- const unsigned char *msg_ptr = NULL;
- long msg_len;
-
-@@ -54,6 +54,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-
- g_at_result_iter_next_number(&iter, &dcs);
-
-+ if (strlen(content) > sizeof(msg) * 2)
-+ goto out;
-+
- msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
-
- out:
---
-2.40.0
+++ /dev/null
-From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
-From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
-Date: Tue, 17 Dec 2024 11:31:28 +0200
-Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
-
-Fixes: CVE-2024-7540
-Fixes: CVE-2024-7541
-Fixes: CVE-2024-7542
-
-CVE: CVE-2024-7540
-CVE: CVE-2024-7541
-CVE: CVE-2024-7542
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- drivers/atmodem/sms.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
-index d994856b..0668c631 100644
---- a/drivers/atmodem/sms.c
-+++ b/drivers/atmodem/sms.c
-@@ -399,7 +399,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
- struct sms_data *data = ofono_sms_get_data(sms);
- GAtResultIter iter;
- const char *hexpdu;
-- unsigned char pdu[176];
-+ unsigned char pdu[176] = {0};
- long pdu_len;
- int tpdu_len;
-
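Review bot: Zero-filling `pdu` removes the uninitialised bytes, but it does not tie the two lengths declared next to it, `pdu_len` and `tpdu_len`, to each other or to the 176-byte buffer. The decode of `hexpdu` and the use of `tpdu_len` are outside the hunk. It should be confirmed there that the hex string is rejected when `strlen(hexpdu) > sizeof(pdu) * 2`, and that a `tpdu_len` larger than `pdu_len` is refused if that value comes from the modem's response. The same question applies to at_cmgr_notify and at_cmgl_notify in the two following hunks. A comment at the declaration, e.g. `/* zeroed so a short decode never exposes stack contents */`, would record why the initialiser is there.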
-@@ -466,7 +466,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
- struct sms_data *data = ofono_sms_get_data(sms);
- GAtResultIter iter;
- const char *hexpdu;
-- unsigned char pdu[176];
-+ unsigned char pdu[176] = {0};
- long pdu_len;
- int tpdu_len;
-
-@@ -648,7 +648,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
- struct sms_data *data = ofono_sms_get_data(sms);
- GAtResultIter iter;
- const char *hexpdu;
-- unsigned char pdu[176];
-+ unsigned char pdu[176] = {0};
- long pdu_len;
- int tpdu_len;
- int index;
---
-2.30.2
-
+++ /dev/null
-From git@z Thu Jan 1 00:00:00 1970
-Subject: [PATCH] rmnet: Handle toolchains with old kernel headers
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Thu, 19 Dec 2024 13:47:15 +0000
-Message-Id: <e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org>
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-
-The RMNET_FLAGS_*GRESS_MAP_CKSUMV5 defines were added to the kernel in
-5.14[1] and some toolchains use older headers, so add fallback defines
-in case they are needed.
-
-[1] linux b6e5d27e32ef6089d316ce7e1ecaf595584d4b84
-
-Upstream-Status: Submitted [https://lore.kernel.org/ofono/e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org/T/#u]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- src/rmnet.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/rmnet.c b/src/rmnet.c
-index 42b03249..9a7f52fb 100644
---- a/src/rmnet.c
-+++ b/src/rmnet.c
-@@ -27,6 +27,16 @@
- #define MAX_MUX_IDS 254U
- #define DEFAULT_MTU 1400U
-
-+/*
-+ * These were added in 5.14 so define them here if the toolchain's kernel headers are old.
-+ */
-+#ifndef RMNET_FLAGS_INGRESS_MAP_CKSUMV5
-+#define RMNET_FLAGS_INGRESS_MAP_CKSUMV5 (1U << 4)
-+#endif
-+#ifndef RMNET_FLAGS_EGRESS_MAP_CKSUMV5
-+#define RMNET_FLAGS_EGRESS_MAP_CKSUMV5 (1U << 5)
-+#endif
-+
- struct rmnet_request {
- uint32_t parent_ifindex;
- rmnet_new_interfaces_func_t new_cb;
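Review bot: The fallback values are hard-coded copies of kernel UAPI constants, and the comment does not say which header they mirror; `/* Mirrors linux/if_link.h (added in Linux 5.14); keep in sync */` would make a later mismatch easier to spot. Building against old headers also suggests the target may run an older kernel. It is worth confirming how the code that passes these flags behaves when the running kernel does not recognise them; that code is outside the hunk.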
---
-2.43.0
-